Detections
Analytics
Novell ZENworks Configuration Management < 11.2.4 Multiple Vulnerabilities
critical Nessus Plugin ID 70726
Language:
Synopsis
The remote web server is running a configuration management application affected by multiple vulnerabilities.Description
The version of Novell ZENworks Configuration Management installed on the remote host can be tricked into disclosing any file readable by the Novell ZENworks umaninv service, and as such it is affected by multiple vulnerabilities :- A directory traversal vulnerability exists that allows any file readable by the Novell ZENworks umaniv service to be disclosed. (CVE-2013-1084)
- An unspecified flaw in the ZENworks Control Center page that can result in an application exception with an unspecified impact. (CVE-2013-6345)
- An unspecified cross site request forgery flaw in the ZENworks Control Center page. (CVE-2013-6346)
- An unspecified cross frame scripting flaw in the ZENworks Control Center page. (CVE-2013-6344)
- An unspecified session fixation flaw in the ZENworks Control Center page. (CVE-2013-6347)
Solution
Update to Novell ZENworks 11.2.4 or later.See Also
https://www.zerodayinitiative.com/advisories/ZDI-13-258/
Plugin Details
Severity: Critical
ID: 70726
File Name: novell_zenworks_configuration_management_directory_traversal.nasl
Version: 1.15
Type: remote
Family: CGI abuses
Published: 11/1/2013
Updated: 6/5/2024
Supported Sensors: Nessus
Enable CGI Scanning: true
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: cpe:/a:novell:zenworks_configuration_management
Required KB Items: www/zenworks_control_center
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Available: true
Exploit Ease: Exploits are available
Exploited by Nessus: true
Patch Publication Date: 10/28/2013
Vulnerability Publication Date: 10/29/2013
Reference Information
CVE: CVE-2013-1084, CVE-2013-6344, CVE-2013-6345, CVE-2013-6346, CVE-2013-6347